[lvc-project] [PATCH 1/1] efi: capsule-loader: Use proper type when allocating cap_info->phys
Ivan Abramov
i.abramov at mt-integration.ru
Thu Sep 11 12:02:37 MSK 2025
When allocating memory for cap_info->phys in __efi_capsule_setup_info(),
sizeof(phys_addr_t *) is used instead of sizeof(phys_addr_t), which may
differ in some cases.
It's a similar issue to CVE-2024-27413.
Thus, use the correct type.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: f24c4d478013 ("efi/capsule-loader: Reinstate virtual capsule mapping")
Signed-off-by: Ivan Abramov <i.abramov at mt-integration.ru>
---
drivers/firmware/efi/capsule-loader.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c
index 0c17bdd388e1..bbddeb6a0955 100644
--- a/drivers/firmware/efi/capsule-loader.c
+++ b/drivers/firmware/efi/capsule-loader.c
@@ -67,7 +67,7 @@ int __efi_capsule_setup_info(struct capsule_info *cap_info)
cap_info->pages = temp_page;
temp_page = krealloc(cap_info->phys,
- pages_needed * sizeof(phys_addr_t *),
+ pages_needed * sizeof(phys_addr_t),
GFP_KERNEL | __GFP_ZERO);
if (!temp_page)
return -ENOMEM;
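Review bot: the size expression in the `krealloc(cap_info->phys, ...)` call still spells the element type by hand, which is how the original mismatch got in. Writing it as `sizeof(*cap_info->phys)` ties the element size to the array's declared type so it cannot drift again. The open-coded `pages_needed * sizeof(...)` multiplication could also go through `krealloc_array()`, which checks the product for overflow. The commit message says the two sizes "may differ in some cases" without naming them. It would help to state which configuration has `phys_addr_t` wider than a pointer, since there the old expression under-allocates the array, and that is what makes this a memory-safety fix rather than a cleanup.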
--
2.39.5